PKG_NAME:=libesmtp
PKG_VERSION:=1.0.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_MAINTAINER:=Othmar Truniger <github@truniger.ch>
PKG_LICENSE:=LGPL-2.0+
PKG_LICENSE_FILES:=COPYING
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/tru7/libesmtp.git
-PKG_SOURCE_VERSION=10e9a6df9f76da610941addf71b9a3cbf94f2e9f
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=6f703766be05cc0cd861790ee041d1c2910b6d6e7bb8805ed739839c7801bfcc
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://brianstafford.info/libesmtp
+PKG_HASH:=d0a61a5c52d99fa7ce7d00ed0a07e341dbda67101dbed1ab0cdae3f37db4eb0b
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
SECTION:=libs
CATEGORY:=Libraries
TITLE:=A Library for Posting Electronic Mail
- URL:=https://github.com/tru7/libesmtp.git
+ URL:=http://brianstafford.info/libesmtp/
DEPENDS:=+libpthread +libopenssl
endef
--- /dev/null
+diff --git a/configure b/configure
+index d586ca2..ee39284 100755
+--- a/configure
++++ b/configure
+@@ -11896,9 +11896,9 @@ fi
+
+ fi
+ if test x$with_openssl != xno ; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5
+-$as_echo_n "checking for SSL_library_init in -lssl... " >&6; }
+-if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then :
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5
++$as_echo_n "checking for SSL_new in -lssl... " >&6; }
++if test "${ac_cv_lib_ssl_SSL_new+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -11913,27 +11913,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+-char SSL_library_init ();
++char SSL_new ();
+ int
+ main ()
+ {
+-return SSL_library_init ();
++return SSL_new ();
+ ;
+ return 0;
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+- ac_cv_lib_ssl_SSL_library_init=yes
++ ac_cv_lib_ssl_SSL_new=yes
+ else
+- ac_cv_lib_ssl_SSL_library_init=no
++ ac_cv_lib_ssl_SSL_new=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5
+-$as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; }
+-if test "x$ac_cv_lib_ssl_SSL_library_init" = x""yes; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5
++$as_echo "$ac_cv_lib_ssl_SSL_new" >&6; }
++if test "x$ac_cv_lib_ssl_SSL_new" = x""yes; then :
+
+ with_openssl=yes
+ LIBS="-lssl -lcrypto $LIBS"
+diff --git a/smtp-tls.c b/smtp-tls.c
+index 9a66806..5bdc191 100644
+--- a/smtp-tls.c
++++ b/smtp-tls.c
+@@ -64,10 +64,12 @@ openssl_mutexcb (int mode, int n,
+ const char *file __attribute__ ((unused)),
+ int line __attribute__ ((unused)))
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (mode & CRYPTO_LOCK)
+ pthread_mutex_lock (&openssl_mutex[n]);
+ else
+ pthread_mutex_unlock (&openssl_mutex[n]);
++#endif
+ }
+ #endif
+
+@@ -76,7 +78,7 @@ starttls_init (void)
+ {
+ if (tls_init)
+ return 1;
+-
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifdef USE_PTHREADS
+ /* Set up mutexes for the OpenSSL library */
+ if (openssl_mutex == NULL)
+@@ -94,9 +96,12 @@ starttls_init (void)
+ CRYPTO_set_locking_callback (openssl_mutexcb);
+ }
+ #endif
+- tls_init = 1;
+ SSL_load_error_strings ();
+ SSL_library_init ();
++#else
++ OPENSSL_init_ssl(0, NULL);
++#endif
++ tls_init = 1;
+ return 1;
+ }
+
--- /dev/null
+Description: Add TLSv1.1 and TLSv1.2 support
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/802658
+Forwarded: yes
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-11-07
+
+--- a/smtp-tls.c
++++ b/smtp-tls.c
+@@ -197,11 +197,24 @@ starttls_create_ctx (smtp_session_t sess
+ ckf_t status;
+
+ /* The decision not to support SSL v2 and v3 but instead to use only
+- TLSv1 is deliberate. This is in line with the intentions of RFC
++ TLSv1.X is deliberate. This is in line with the intentions of RFC
+ 3207. Servers typically support SSL as well as TLS because some
+ versions of Netscape do not support TLS. I am assuming that all
+ currently deployed servers correctly support TLS. */
+- ctx = SSL_CTX_new (TLSv1_client_method ());
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
++ !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
++ ctx = SSL_CTX_new (TLS_client_method ());
++#else
++ ctx = SSL_CTX_new (SSLv23_client_method ());
++#endif
++
++#ifdef OPENSSL_NO_SSL3
++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
++#endif
++
++#ifdef OPENSSL_NO_SSL2
++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
++#endif
+
+ /* Load our keys and certificates. To avoid messing with configuration
+ variables etc, use fixed paths for the certificate store. These are